Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!mcnc!rti!dg-rtp!larrybud.rtp.dg.com!goudreau
From: goudreau@larrybud.rtp.dg.com (Bob Goudreau)
Newsgroups: comp.unix.internals
Subject: Re: clearing SUID and SGID bits on non-root write
Keywords: SUID, SGID, SVID, SVR4
Message-ID: <1990Dec6.005358.6336@dg-rtp.dg.com>
Date: 6 Dec 90 00:53:58 GMT
References: <1990Dec5.135759.12508@noao.edu>
Sender: usenet@dg-rtp.dg.com (Usenet Administration)
Reply-To: goudreau@larrybud.rtp.dg.com (Bob Goudreau)
Organization: Data General Corporation, Research Triangle Park, NC
Lines: 22

In article <1990Dec5.135759.12508@noao.edu>, rstevens@noao.edu (Rich Stevens) writes:
>
> BSD-based systems (SunOS and 4.3BSD, for example) specifically state
> on the chmod(2) man page that a non-superuser process writing to a
> file automatically clears the SUID and SGID bits. That makes sense.
> But, in going through the SVID (Third Edition) and the SVR4 manuals,
> I can't find any reference to this feature. Do the AT&T Unices really
> not do this?

Yup, it's true. System V has avoided this blemish from BSD.

But note that the SVID also mandates that a chown() will result in the
set-UID and set-GID bits being cleared (unless the process has
"appropriate privileges"). Otherwise, the system would have a gaping
security hole: I could create a file, chmod() it to mode 4755, chown()
it to root, and voila: I have a setuid root program!

----------------------------------------------------------------------
Bob Goudreau                        +1 919 248 6231
Data General Corporation            goudreau@dg-rtp.dg.com
62 Alexander Drive                  ...!mcnc!rti!xyzzy!goudreau
Research Triangle Park, NC  27709, USA
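
A probe for the two behaviours discussed in this post, as an added example that is not part of the original post: it sets mode 4755 on a scratch file, then records whether write() and chown() leave the set-UID bit in place on the local system. The names probe_setid and struct setid_probe and the scratch path under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* mkstemp, fchmod, fchown */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example. Names and the scratch path are assumptions, not from the post. */
struct setid_probe {
    mode_t before;       /* mode right after chmod to 4755 */
    mode_t after_write;  /* mode after this process writes to the file */
    mode_t after_chown;  /* mode after chown() to our own uid/gid */
};

/* Fills *r from a scratch file in /tmp; returns 0 on success, -1 on error. */
int probe_setid(struct setid_probe *r)
{
    char path[] = "/tmp/setid-probe-XXXXXX";
    struct stat st;
    int rc = -1, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 04755) != 0 || fstat(fd, &st) != 0)
        goto out;
    r->before = st.st_mode & 07777;
    if (write(fd, "x", 1) != 1 || fstat(fd, &st) != 0)
        goto out;
    r->after_write = st.st_mode & 07777;
    /* Re-arm the bit so the chown() result does not depend on the write(). */
    if (fchmod(fd, 04755) != 0 || fchown(fd, geteuid(), getegid()) != 0 ||
        fstat(fd, &st) != 0)
        goto out;
    r->after_chown = st.st_mode & 07777;
    rc = 0;
out:
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct setid_probe r;
    if (probe_setid(&r) != 0) { perror("probe_setid"); return 1; }
    printf("euid %ld: chmod %04o; write -> %04o (set-UID %s); "
           "chown -> %04o (set-UID %s)\n", (long)geteuid(), (unsigned)r.before,
           (unsigned)r.after_write, (r.after_write & S_ISUID) ? "kept" : "cleared",
           (unsigned)r.after_chown, (r.after_chown & S_ISUID) ? "kept" : "cleared");
    return 0;
}
```

Run it once as an ordinary user and once as root: the result can differ for a privileged process, which is the "appropriate privileges" exception mentioned in the post.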